App store malware: The latest in bad downloads

Hackers are always trying to infiltrate the systems of consumers and companies alike, and new ways to commit cybercrimes are cropping up all the time. Mobile devices are an especially big target of these kinds of attacks, and malicious actors continue to release new forms of malware aimed at taking them down – in fact, a Nokia report from early September showed that mobile malware infections had risen by 96 percent in the first half of 2016.

Mobile threats aren’t just isolated to smartphones, but a great majority of the mobile malware in the world is indeed carried on these devices. In fact, Nokia’s report found that 78 percent of mobile malware is installed on smartphones. The danger is two-fold: Not only can hackers get important information out of your smartphone, they can also potentially gain access to networks you’re connected to if they infiltrate the security on your phone. Organizations’ internal networks could be compromised if a smartphone with malicious programs installed connects to the system.

One of the methods that hackers use to infect smartphones is to develop applications with malicious code that hide in third-party app stores, waiting for unsuspecting users to download these bad apps and thus give hackers access to their devices.

Haima iOS helper

Malware comes in all forms, and hackers like to disguise their malicious programs as helpful apps that are found in these third-party stores. Trend Micro researchers noted recently that there is a third-party store called the Haima app store for iOS, which is popular because of how easy it is to use. The Haima store repackages official apps and makes it easier to incorporate advertising modules within them, helping their developers make money. This ease of use is thanks in part to an app called the “Haima iOS Helper,” which simplifies the installation and management of apps on the device.

However, Trend Micro researchers found that the helper app contains malicious code that allows viruses to steal information from users. In addition, there is a function within the app that steals the Apple ID of the user. This troubling functionality might seem benign at first glance, but anything that takes your information without your permission could potentially be dangerous.

“[The Haima helper app] introduces serious security risks,” Trend Micro researchers wrote. “The apparent theft of the user’s Apple ID credentials is a serious risk in and of itself. The apparent inclusion of malicious functions in the code itself is also worrying.”

The recommendation in this kind of situation is to steer clear of third-party app stores, because you may download something that’s supposed to facilitate your use of your device and instead turns out to be a wolf in sheep’s clothing. The security risk of downloading an app like this isn’t worth the perceived benefits.

WinRar and TrueCrypt

In addition, in mid-October, malware surfaced that posed as a legitimate installer for the programs WinRar and TrueCrypt, according to HackRead contributor Owais Sultan. Once the malware installer, which is called StrongPity, is downloaded into the system, it takes total control. The WinRar malware has been removed, but the TrueCrypt installer has still been dropping malicious files on its users’ computers. StrongPity has the ability to steal private information by infiltrating hard drives through TrueCrypt.

“Although TrueCrypt’s development has long been halted since 2008 as Microsoft integrated support for encrypted virtual disks in its newer version of Windows following XP, the tool is still required to transfer the files from TrueCrypt to BitLocker format,” Sultan wrote. “The malware, through the distributor’s site, has made its way to Turkey, affecting a considerable amount of users.”

It’s a song that’s been sung before: Malware infects a system tool, making it hard for organizations to remove the malicious program lying in wait on the hard drive to abscond with personal data. All of this adds up to bad news for consumers and businesses alike – and good news for hackers.

Malicious past

The danger of third-party app stores isn’t new – this method of hacking into smartphones has been around for ages. Earlier this year, PCWorld contributor Jeremy Kirk reported that four third-party app stores for Android devices had hosted rooting malware, with 1,163 apps harboring what Trend Micro called the ANDROIDOS_LIBSKIN.A malware. This malicious program spread across at least 169 countries.

“These secretly downloaded apps will then present themselves as ads luring users to download other apps from time to time,” wrote Jordan Pan, a senior threat analyst from Trend Micro. “It can also be used to collect user data. The popups lure users into clicking unwanted apps. Clicking on the ads may not necessarily lead the user to the respective app or site.”

Even seemingly innocuous apps like Pokemon Go have been known to install unwanted malware on devices if downloaded from third-party app stores. When the extremely popular app was first released in July, impatient users who wanted to download the game before it was out in the U.S. resorted to grabbing it from app stores unsupported by the official company. This resulted in nearly 500,000 people downloading a fake app that contained a Trojan that was able to take hold of at least 6,000 phones, according to TechRadar.

The long-term impacts of these kinds of malicious programs can be devastating. By infiltrating your smartphone, the malware can infect other parts of your smart ecosystem, including any connected objects – part of the Internet of Things – which could lead to hackers gaining access to your personal data and, ultimately, your money.

This isn’t the end

Mobile malware is getting more sophisticated, as well, because threats typically found within the PC environment have been cropping up in mobile devices lately. According to ITProPortal contributor Sean Ginevan, mobile malware’s maturation isn’t something to ignore.

“Remote access tools aimed at both desktop PCs and mobile operating systems are becoming increasingly common and sophisticated,” Ginevan wrote. “Many are being sold complete with detailed instructions on how to use them and offer different pricing models, some even for free.”

Even ransomware is becoming more common on mobile devices, which is definitely bad news for unsuspecting smartphone users. Ginevan noted that over the past year, Google Play pulled hundreds of apps from the store due to steadily more stringent security requirements.

Third-party stores don’t have the regulatory eye that stores like the ones run by Apple and Google enjoy, which is why they pose such a threat to uninformed smartphone users. It would be best if smartphone owners didn’t visit third-party app stores to download their programs. This way, you can be sure that the apps you’re getting have been vetted by the companies that make the phones and the official applications in the first place.

Users should always be careful when they download anything from third-party app stores, as malicious programs may be lying in wait. Making sure you’re cautious when visiting these stores and investing in the best cybersecurity software for your mobile devices is always crucial. Get in touch with Trend Micro today for more information about how you can protect your network.